System or security managers adaptive response tool

This paper describes the design and function of a system being developed under a DARPA SBIR Phase I and II project for Adaptive Network and Security Management. The system is called SoSMART (System or Security Managers Adaptive Response Tool). The objective of our system is to provide an automatic, adaptive response capability that provides 24/7 around the clock monitoring and response to system and security functions across a network of completing systems. To achieve this objective we combine an agent architecture and Case-based reasoning (CBR) with available system management or security tools. The agent architecture is used for tool integration, functional abstraction and as a medium for distributed reasoning. The CBR is used to define incident/response pairings that can recognize situations that require response and associate response actions with those situations. An important aspect of our system is its use of CBR´s adaptation process to allow it to dynamically adapt it´s control and monitoring activity as the system operates. This paper contains an overview of our approach, a description of important system details, a worked example of the systems operation and finishes with a summary